Assoc. Dir, Cybersecurity & Compliance Location: Albuquerque, NM, United States Job ID: 6088899 Date Posted:Feb 19, 2025 **JOB DESCRIPTION** **Associate Director, Cybersecurity & Compliance** Salary Grade: G03 Minimum Midpoint Maximum $121,529 - $164,065 - $206,600 This position is posted until filled. Personnel in this job title may be covered by NERC CIP cyber security standards. If the position is covered, prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a Personnel Risk Assessment, which includes identity verification and a criminal background check. Prior to being granted unescorted access to cyber secure areas, the candidate must attend cyber security training. Annual cyber security training is required. Given the financial nature of this position, this position has been defined as a position requiring a credit check. Prior to being hired, promoted, or transferred into the position, the candidate must successfully pass a credit background check. SUMMARY: The Associate Director of Cybersecurity is responsible for leadership of an organizational function to secure electronic assets and records from unauthorized access, modification or loss. Ensures information security teams implement and maintain controls necessary to protect assets and meet regulatory compliance requirements. ESSENTIAL DUTIES AND RESPONSIBILITIES: + Delivers a strategy for enterprise Cybersecurity and Information Security + Acquires and manages the necessary resources, including leadership support, financial resources, security tools and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk + Leads and aligns information technology (IT) security priorities based on the security strategy + Communicates the value of cybersecurity to all stakeholder throughout all levels of the organization + Establishes overall enterprise information security architecture based on the organization¿s overall security strategy + Ensures that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s) + Advises senior leadership on external and enterprise cyber risk levels and organizational cybersecurity posture + Advises senior leadership of landscape or enterprise changes affecting the organization's cybersecurity posture + Interprets and/or approve security requirements relative to the capabilities of new system and information technologies + Ensures that security improvement actions are evaluated, validated, and implemented as required + Leads and oversees information security budget, provide high level leadership for security initiatives and projects + Provides leadership for department managers, and high level oversight of staffing and resource contracting + Ensures that cybersecurity inspections, tests, reviews, threat hunting, and risk analysis are coordinated for the enterprise network environment + Leads efforts to ensure adherence to internal corporate policies and procedures as well as rules published by external regulatory agencies COMPETENCIES: + In-depth knowledge of energy industry business processes to successfully deliver services. + Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series,ISA, or COBIT. + Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluation. + Demonstrated skills in preparing proposals, presentations, and direct interaction with senior-level leadership. + Ability to perform multiple tasks and meet critical deadlines while maintaining accuracy and quality. + Ability to effectively collaborate with a variety of stakeholders. High degree of flexibility and creativity. + Ability to perform multiple tasks and meet critical deadlines while maintaining accuracy and quality + Excellent communication skills + Demonstrated leadership and mentoring skills combined with the ability to build relationships with business partners MINIMUM EDUCATION AND/OR EXPERIENCE: Bachelor's degree from four-year college or university with seven to nine years related experience including two years of management experience, or equivalent combination of education and/or experience related to the discipline. Certification in security related field: CISSP, CISA, CRISC, C|CISO. Master's degree preferred. SUPERVISORY RESPONSIBILITIES: The Associate Director of Cybersecurity directly oversee the Manager of Information Security Governance and the Manager of Information Security Engineering and Operations. Each of those managers also have direct reports. There will be 19 employees directly or indirectly under this associate director. Responsible for the development and performance management, training, organizing, prioritizing, and scheduling work. SCOPE AND IMPACT Responsible for high level leadership of other leaders, managers, and teams of professional and senior professional staff members who secure electronic assets and records from unauthorized access, modification or loss. Ensures information security teams implement and maintain controls necessary to protect assets and meet regulatory compliance requirements. Electronic protection of systems within the scope of this position is intended to minimize potential costs directly related to operational, legal, regulatory, and reputation risk from a security incident or regulatory non-compliance. Assists with managing budget (approx $2-4 million annually) plus the payroll of FTE's. COMMUNICATION SKILLS: Ability to read, analyze, and interpret common scientific and technical journals, financial reports, and legal documents Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community Ability to effectively present information to top management, public groups, and/or boards of directors ANALYSIS AND PROBLEM-SOLVING ABILITY: Ability to solve complex practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions, legal documentation, laws and information furnished in written, oral, diagram, or schedule form. Knowledge of consulting skills, project management skills, contracting skills, and leadership skills. Participates in the development of organizational staffing, budget, and strategic business plans in collaboration with the executive team and other IT leaders. DECISION MAKING Highly motivated and proactive. Has the latitude to unilaterally take a variety of operational actions in order to contain an incident and secure the environment when faced with a threat pursuant to standard operating procedures. Follows policies and procedures concerning information management in the policy. Monitors emerging technologies, products, services, and other industry trends and collaborates with a wide range of stakeholders to develop a technological roadmap for cybersecurity controls and cyber risk reduction capabilities. PHYSICAL DEMANDS: While performing the duties of this job, the employee is regularly required to sit up to 2/3 of the time. The employee must occasionally lift and/or move up to 30 pounds. WORK ENVIRONMENT: Office environment. Occasional overnight, and international travel may be required. **EQUAL OPPORTUNITY STATEMENT** Safety Statement: Safety is a core value at PNM and our vision, ¿everyone goes home safe¿, reflects our commitment to promoting an environment conducive to learning, improving and building safety practices. Our safety value is built upon the belief that every employee deserves to work in an environment free from harm. Americans with Disabilities Act (ADA) Statement: PNM is committed to providing reasonable accommodations for qualified individuals with disabilities in compliance with the ADA. If you require assistance with the job application process due to a disability, please contact HR ADA Analyst, at 505-241-4627. DEI Statement: PNM, we value the diversity of our workforce and actively seek opportunities for incorporating Diversity, Equity, and Inclusion (DEI) within our family of companies. We believe a diverse workforce enriches our environment and helps us better meet the needs of our employees, customers, and shareholders. We remain committed to attracting and sustaining a diverse workforce and retaining high-performing employees who work collaboratively to carry out the Company's purpose. PNM and affiliates are Equal Opportunity/Affirmative Action employers. Women, minorities, disabled individuals and veterans are encouraged to apply.